Solved

Using SAMBA with encrypted passwords

Posted on 1998-11-13
Last Modified: 2013-12-27
Hi there,

I installed samba 1.9.18p10 on a Solaris 2.6 system. I want to access it from a WinNT 4.0 wkst with SP3.

To do this (without having to change the way winnt negotiates passwords) I have to enable encrypted passwords in samba.

Now, as I understand there are primarily two ways:
1) Make a special samba-password file
2) Let another server/domain do the authentication

I want to use method (2), so I would like to just set "security=myserver.bla.bla", where myserver is my NT PDC.
Will this work, or do I still need a samba password file? The documentation is a bit ambiguous in that respect ....

Excerpt:
"In this mode Samba will try to validate the
username/password by passing it to another SMB server, such
as an NT box. If this fails it will revert
to "security = user", but note that if encrypted passwords
have been negotiated then Samba cannot revert back to
checking the UNIX password file, it must have a valid
smbpasswd file to check users against."
^^^^^^^^^

If this should be a hard question, I am willing to give more points, but I am sure this should be a pretty standard-situation.

Greetings,

         os
0
Comment
Question by:os012897
11 Comments
 
LVL 3

Expert Comment

by:arunm
ID: 2007807
I'm slightly confused: using this method, what would happen if you attached an NT box that did not have SP3, i.e. password encryption? Wouldn't it just be easier (but admittedly less secure!) to use the registry hack to stop NT (SP3) using encryption?
   
0
 
LVL 3

Author Comment

by:os012897
ID: 2007808
That is what I am doing right now, but I do not want to have it that way forever.

Basically I think as long as you have a user with identical UID on the NT and UNIX box it should work, as even NT before SP3 used password encryption. The difference is just, that pre-SP3 NT had a default fallback mode where it would also send passwords unencrypted if necessary, which after SP3 isn't the case anymore.

Greetings,

       os

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007809
Due to the lack of responses, I'm starting to wonder if what you're asking will actually work?
0
 
LVL 3

Author Comment

by:os012897
ID: 2007810
Well, maybe I should ask in the WinNT forum .....

os

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007811
Good idea. Why not post a zero question there, indicating the problem and with the url of this thread.

0
 
LVL 3

Expert Comment

by:arunm
ID: 2007812
That should read: zero point question.

0
 
LVL 1

Expert Comment

by:kuehn
ID: 2007813
Have you tried to set up a WINS server? Samba needs WINS. Without it, no login.
0
 
LVL 3

Author Comment

by:os012897
ID: 2007814
Hi kuehn,

I do not have Wins, but I CAN use the shares from the unix-machine. The problem is just, that I cannot use encrypted passwords (SP3) at the moment, see original question.

Greetings,

      os

0
 
LVL 2

Expert Comment

by:cwalter
ID: 2007815
You have 2 things you need to accomplish.

1. Make sure you have something similar to the following in your smb.conf file:

[global]
   server string = Solaris SMB Server
   local master = no
   preferred master = no
   wins server = wins.domain.com
   domain master = no
   printing = bsd
   printcap name = /etc/printcap
   load printers = yes
   guest account = pcguest
   security = server
   password server = pdc.domain.com    

2. Set up your smbpasswd file with usernames and passwds which match your NT usernames and passwds.
0
 
LVL 3

Author Comment

by:os012897
ID: 2007816
Thanx cwalter,

First off, you will get your points, I would just like to have two things clarified first:

1) I am NOT using wins, is that a problem?
2) What is the smbpasswd good for? Can't I go without one?


Greetings,

          os

0
 
LVL 2

Accepted Solution

by:cwalter, earned 50 total points
ID: 2007817
You don't really need WINS, it is nice to have running, if nothing else your Unix machine could do it. If you don't have WINS running you need to have the NT name match the IP name. So if your PDC is called pdc in NT then the IP name would be pdc.domain.com.

smbpasswd is kinda working as a key. Username to encrypted password and vice versa. This way Unix can match the username to the encrypted password which NT expects.
0
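
An added example, not part of the original thread and not Samba's own code: a small Python check for the setup discussed above (`security = server`, a `password server`, and an smbpasswd file as the fallback the quoted documentation describes). It assumes the smbpasswd layout `name:uid:LANMAN hash:NT hash:...` with 32 `X` characters marking an unset password, and that `encrypt passwords` is off unless set; the function names and sample data are constructed for illustration.

```python
import re

HASH = re.compile(r"^[0-9A-Fa-f]{32}$")
# Constructed sample input (not from the thread); the hashes are dummy hex strings.
SAMPLE_CONF = "[global]\n   security = server\n   password server = pdc.domain.com\n"
SAMPLE_SMBPASSWD = (
    "os:1001:" + "0123456789ABCDEF" * 2 + ":" + "FEDCBA9876543210" * 2 + ":::\n"
    "guest:1002:" + "X" * 32 + ":" + "X" * 32 + ":::\n"
)

def parse_global(conf_text):
    """Return the [global] parameters of an smb.conf as a dict."""
    params, section = {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in ";#":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "global":
            key, value = line.split("=", 1)
            # Samba ignores case and whitespace inside parameter names.
            params["".join(key.lower().split())] = value.strip()
    return params

def audit(conf_text, smbpasswd_text, nt_users):
    """List findings for the security = server setup discussed in the thread."""
    g, findings = parse_global(conf_text), []
    if g.get("security", "").lower() != "server":
        findings.append("security is not 'server'")
    elif not g.get("passwordserver"):
        findings.append("security = server but no password server set")
    if g.get("encryptpasswords", "no").lower() not in ("yes", "true", "1"):
        findings.append("encrypt passwords is not enabled")
    usable = set()
    for line in smbpasswd_text.splitlines():
        fields = line.split(":")
        # An entry is usable for fallback only if a real 32-hex-digit hash is
        # stored; the all-X placeholder means no password has been set yet.
        if len(fields) >= 4 and any(HASH.match(h) for h in fields[2:4]):
            usable.add(fields[0])
    for user in nt_users:
        if user not in usable:
            findings.append(f"{user}: no usable smbpasswd entry for fallback")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_SMBPASSWD, ["os", "guest"]):
        print(finding)
```

The hashes in an smbpasswd file are password equivalents for SMB authentication, so the file should be readable by root only.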
